CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2020-22249
https://notcve.org/view.php?id=CVE-2020-22249
06 Jul 2021 — Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution Una vulnerabilidad de ejecución de código remota en phplist versión 3.5.1. La aplicación no comprueba las extensiones de archivo almacenadas en el archivo zip del plugin, la carga de un plugin mal... • https://drive.google.com/open?id=1znDU4fDKA_seg16mJLLtgaaFfvmf-mS6 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22251
https://notcve.org/view.php?id=CVE-2020-22251
06 Jul 2021 — Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en phpList versión 3.5.3, por medio del campo login name en Manage Administrators al añadir un nuevo administrador • https://github.com/phpList/phplist3/issues/660 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36399
https://notcve.org/view.php?id=CVE-2020-36399
02 Jul 2021 — A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versiones 3.5.4 y por debajo permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada en el parámetro "rule1" bajo el módulo "Bounce Rules" • https://github.com/phpList/phplist3/issues/675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36398
https://notcve.org/view.php?id=CVE-2020-36398
02 Jul 2021 — A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versiones 3.5.4 y por debajo permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada en el campo "Campaign" bajo el módulo "Send a campaign" • https://github.com/phpList/phplist3/issues/676 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23194
https://notcve.org/view.php?id=CVE-2020-23194
02 Jul 2021 — A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en la funcionalidad "Import Subscribers" de phplist versiones 3.5.4 y por debajo permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada • https://github.com/phpList/phplist3/issues/678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23192
https://notcve.org/view.php?id=CVE-2020-23192
02 Jul 2021 — A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versiones 3.5.4 y por debajo permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada en el parámetro "admin" en el módulo "Manage administrators" • https://github.com/phpList/phplist3/issues/671 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23190
https://notcve.org/view.php?id=CVE-2020-23190
02 Jul 2021 — A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en el módulo "Import emails" en phplist versiones 3.5.4, permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada • https://github.com/phpList/phplist3/issues/667 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23217
https://notcve.org/view.php?id=CVE-2020-23217
01 Jul 2021 — A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versión 3.5.3, permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el campo "Add a list" bajo el módulo "Import Emails" • https://github.com/phpList/phplist3/issues/672 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23214
https://notcve.org/view.php?id=CVE-2020-23214
01 Jul 2021 — A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versión 3.5.3, permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el campo "Configure categories" del módulo "Categorise Lists" • https://github.com/phpList/phplist3/issues/669 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23209
https://notcve.org/view.php?id=CVE-2020-23209
01 Jul 2021 — A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versión 3.5.3, permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el campo "List Description" en el módulo "Edit A List" • https://github.com/phpList/phplist3/issues/666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •